/*
 * To change this template, choose Tools | Templates
 * and open the template in the editor.
 */
package Model;

import Controller.CustomerManager;
import Controller.LogManager;
import java.io.IOException;
import java.util.logging.Level;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 *
 * @author pauld
 */
@WebServlet(name = "editUser", urlPatterns = {"/editUser"})
public class editUser extends HttpServlet{
    private static String lname = null,
            fname = null,
            mname = null,
            email = null,
            add = null,
            country = null,
            zip = null;
    
    protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        
        response.setContentType("text/html;charset=UTF-8");
        
        if( CustomerManager.editInfo(email, lname, fname, mname, add, zip, country, request.getSession()) ){
            LogManager.logEvent("EditUser." + Thread.currentThread().getStackTrace()[1].getMethodName(), Level.INFO, "Edit User Successful", request.getRemoteAddr(), String.valueOf(request.getSession().getAttribute("name")));
            response.sendRedirect("myProfile.jsp?saved=1");
        }
        else{
            LogManager.logEvent("EditUser." + Thread.currentThread().getStackTrace()[1].getMethodName(), Level.WARNING, "Edit User Unsuccessful", request.getRemoteAddr(), String.valueOf(request.getSession().getAttribute("name")));
            response.sendRedirect("myProfile.jsp?saved=2");
        }
    }
    
    //method for checking the user inputs
    //returns boolean 
    //true if user inputs are valid and fals otherwise
    private static boolean checkInput(HttpServletRequest request){
        //get the form values and store them on the variables
        lname = request.getParameter("lname");
        fname = request.getParameter("fname");
        mname = request.getParameter("mname");
        email = request.getParameter("email");
        add = request.getParameter("add");
        country = request.getParameter("country");
        zip  = request.getParameter("zip");
        
        String regexEmail = "^[A-Za-z0-9._%'-]+@[A-Za-z0-9.-]+\\.[a-zA-Z]{2,4}$", //whitelist
                regexNum = "^[0-9]+$", //whitelist
                regexAlpha = "^[A-Za-z ]+$", //whitelist
                regexXSS = "[<(.*?)>]"; //blacklist
        
        Pattern pEmail = Pattern.compile(regexEmail, Pattern.CASE_INSENSITIVE | Pattern.MULTILINE),
                pNum = Pattern.compile(regexNum, Pattern.CASE_INSENSITIVE | Pattern.MULTILINE),
                pAlpa = Pattern.compile(regexAlpha, Pattern.CASE_INSENSITIVE | Pattern.MULTILINE),
                pXSS = Pattern.compile(regexXSS, Pattern.CASE_INSENSITIVE | Pattern.MULTILINE);
        
        Matcher mEmail = pEmail.matcher(email),
                mZip = pNum.matcher(zip),
                mlname = pAlpa.matcher(lname),
                mfname = pAlpa.matcher(fname),
                mmname = pAlpa.matcher(mname),
                mcountry = pAlpa.matcher(country),
                mAdd = pXSS.matcher(add),
                mzip = pNum.matcher(zip);
        
        boolean resultEmail = mEmail.find(),
                resultZip = mZip.find(),
                resultlname = mlname.find(),
                resultfname = mfname.find(),
                resultmname = mmname.find(),
                resultcountry = mcountry.find(),
                resultAdd = mAdd.find(),
                resultzip = mzip.find();
        
        //check the length of the user inputs
        if( (email.length() > 0 && email.length() <= 25) &&
            (lname.length() > 0 && lname.length() <= 25) &&
            (fname.length() > 0 && fname.length() <= 25) &&
            mname.length() == 1 && 
            (add.length() > 0 && add.length() <= 45) &&
            (country.length() > 0 && country.length() <= 25) && 
            (zip.length() > 0 && zip.length() <= 4) &&
                resultEmail &&
                resultZip &&
                resultlname &&
                resultfname &&
                resultmname &&
                resultcountry &&
                !resultAdd &&
                resultzip)
            return true;
        else
        {
            LogManager.logEvent("EditUser." + Thread.currentThread().getStackTrace()[1].getMethodName(), Level.WARNING, "Edit User Unsuccessful - Invalid Input", request.getRemoteAddr(), String.valueOf(request.getSession().getAttribute("name")));
            return false;
        }
    }
    
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        if( checkInput(request) )
            processRequest(request, response);
        else
            response.sendRedirect("myProfile.jsp?saved=0");
    }

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        if( checkInput(request) )
            processRequest(request, response);
        else
            response.sendRedirect("myProfile.jsp?saved=0");
    }

    @Override
    public String getServletInfo() {
        return "Short description";
    }
}
